<?php
require 'include/library.inc.php';

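# Already signed in and a post-login target is stored: send the visitor there.
# !empty() keeps the original truthiness test without raising a notice when a key is unset.
# NOTE(review): every other redirect in this file prefixes HTML_BASE_SSL; this one passes
# the stored value as-is. Confirm that is intended and that LOGIN_REDIRECT is only ever
# set to a site-local path, otherwise this is an open-redirect sink.
if (!empty($_SESSION['USER_SID']) && !empty($_SESSION['LOGIN_REDIRECT'])) {
	redirect($_SESSION['LOGIN_REDIRECT']);
}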

require 'include/fbmain.inc.php';

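# Facebook login
# $user and $user_profile are not assigned in this file; presumably include/fbmain.inc.php
# sets them from the Facebook SDK (user id and profile array) -- verify there.
if (!empty($user))
{
	# Everything that reaches SQL goes through escape(), the same helper the register and
	# login queries in this file use. These values come from an external service and must
	# not be assumed free of quote characters.
	$fb_id_sql = escape($user);

	$sql = "SELECT * FROM users WHERE fb_id = '$fb_id_sql'";
	$result = query($sql);

	if ($row = mysql_fetch_object($result)) {

		# Known Facebook account: reuse the stored user.
		$user_id = $row->user_id;
		$user_email = $row->email;

	} else {

		# First sign-in with this Facebook account: create the user row.
		# Missing profile keys (e.g. e-mail not shared) fall back to empty strings.
		$fb_profile = (isset($user_profile) && is_array($user_profile)) ? $user_profile : array();
		$fb_first_name = isset($fb_profile['first_name']) ? $fb_profile['first_name'] : '';
		$fb_last_name = isset($fb_profile['last_name']) ? $fb_profile['last_name'] : '';
		$fb_email = isset($fb_profile['email']) ? $fb_profile['email'] : '';
		$fb_gender = isset($fb_profile['gender']) ? $fb_profile['gender'] : '';

		# Only the two known values are mapped; anything else is stored as ''.
		$gender = '';
		if ($fb_gender == 'male') $gender = 'm';
		if ($fb_gender == 'female') $gender = 'f';

		# NOTE(review): unlike the register form, this path does not check whether the
		# e-mail already belongs to an existing row -- confirm duplicates are acceptable.
		$sql = 'INSERT INTO users
		  (first_name, last_name, email,gender,fb_id)
		VALUES
		  (\''.escape($fb_first_name).'\', \''.escape($fb_last_name).'\', \''.escape($fb_email).'\', \''.$gender.'\', \''.$fb_id_sql.'\')
		  ';
		query($sql);
		$user_id = mysql_insert_id();
		$user_email = $fb_email;

	}

	$_SESSION['USER_SID'] = $user_id;
	$_SESSION['USER_EMAIL'] = $user_email;
	$_SESSION['FB_ID'] = $user;

	# Session validity marker.
	# Built from $user_id so it is also correct for a freshly created account; the
	# previous code read $row->user_id, which is not set when no row was found.
	# NOTE(review): the salt depends only on the current month name, so this value can be
	# computed from the user id alone and should not be relied on as a secret. Rotating
	# the session id on sign-in (session_regenerate_id) is also worth adding wherever the
	# session is started.
	$salt = substr(md5(date("F")), 5);
	$_SESSION['LOGGEDIN'] = md5($user_id.$salt);

	redirect(HTML_BASE_SSL.(isset($_SESSION['LOGIN_REDIRECT']) ? $_SESSION['LOGIN_REDIRECT'] : ''));
}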

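# Register / Login form handling
#
# $error_message collects one digit per invalid field (1 first name, 2 last name, 3 e-mail,
# 4 password, 5 login e-mail, 6 login password); the template highlights fields by digit.
# $error_register / $error_login hold the human-readable message for each form.
$error_message = '';
$error_register = '';
$error_login = '';

# Read each submitted field once. A missing or non-string value (e.g. field[]=x) is treated
# as empty, so it fails the "required" checks below instead of reaching escape()/md5().
# md5() of a non-string produces no hash, and that must never be compared against
# hash_password (rows created by the Facebook path set no password hash).
$auth_input = array();
foreach (array('first_name', 'last_name', 'register_email', 'register_password', 'login_email', 'login_password') as $auth_field) {
	$auth_input[$auth_field] = (isset($_POST[$auth_field]) && is_string($_POST[$auth_field])) ? $_POST[$auth_field] : '';
}

# Register
if (!empty($_POST['is_submitted']) && isset($_POST['button']) && $_POST['button'] === 'register') {

	if (!$auth_input['first_name'])  $error_message .= '1';
	if (!$auth_input['last_name'])  $error_message .= '2';
	if (!$auth_input['register_email'] || !checkEmail($auth_input['register_email']))  $error_message .= '3';
	if (!$auth_input['register_password'])  $error_message .= '4';

	# Reject an e-mail address that is already registered.
	$sql = "SELECT
				user_id
			   FROM
				 users
			   WHERE
				 email = \"".escape($auth_input['register_email'])."\"
			";
	if ($row = mysql_fetch_assoc(query($sql))) {
		$error_register .= "There is a user entry with this E-mail Address";
		$error_message .= '3';
	}

	#OK
	if (!$error_message) {

		# Create new user
		# NOTE(review): the password is stored as unsalted MD5. Moving to
		# password_hash()/password_verify() needs a schema and data migration, so it is
		# flagged here rather than changed.
		$sql = 'INSERT INTO users
				  (first_name, last_name, email, hash_password)
				VALUES
				  (\''.escape($auth_input['first_name']).'\', \''.escape($auth_input['last_name']).'\', \''.escape($auth_input['register_email']).'\', \''.md5($auth_input['register_password']).'\')
				  ';
		query($sql);
		$user_id = mysql_insert_id();

		$_SESSION['USER_SID'] = $user_id;
		$_SESSION['USER_EMAIL'] = escape($auth_input['register_email']);

		# Session validity marker.
		# NOTE(review): the salt depends only on the current month name, so this value
		# can be computed from the user id alone; do not rely on it as a secret.
		$salt = substr(md5(date("F")), 5);
		$_SESSION['LOGGEDIN'] = md5($user_id.$salt);

		redirect(HTML_BASE_SSL.(isset($_SESSION['LOGIN_REDIRECT']) ? $_SESSION['LOGIN_REDIRECT'] : ''));

	}

# Login
} elseif (!empty($_POST['is_submitted']) && isset($_POST['button']) && $_POST['button'] === 'login') {

	if (!$auth_input['login_email'])  $error_message .= '5';
	if (!$auth_input['login_password'])  $error_message .= '6';

	#OK
	if (!$error_message) {

		# Both values are non-empty strings at this point, so the hash compared below is
		# always the MD5 of an actual password.
		$sql = "SELECT
					user_id
				   FROM
					 users
				   WHERE
					 email = '".escape($auth_input['login_email'])."'
					AND
					 hash_password = '".md5($auth_input['login_password'])."'
				";
		$result = query($sql);
		if ($row = mysql_fetch_object($result)) {

			$_SESSION['USER_SID'] = $row->user_id;
			$_SESSION['USER_EMAIL'] = escape($auth_input['login_email']);

			# Session validity marker (same construction as on registration).
			# NOTE(review): rotating the session id on sign-in (session_regenerate_id)
			# is worth adding wherever the session is started.
			$salt = substr(md5(date("F")), 5);
			$_SESSION['LOGGEDIN'] = md5($row->user_id.$salt);

			redirect(HTML_BASE_SSL.(isset($_SESSION['LOGIN_REDIRECT']) ? $_SESSION['LOGIN_REDIRECT'] : ''));

		} else {

			# One generic message for unknown e-mail and wrong password alike;
			# both login fields are highlighted.
			$error_login .= "Invalid login";
			$error_message .= '56';

		}

	}

}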

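# Everything echoed into the markup below is prepared here and HTML-escaped exactly once.
# Request data ($_POST fields, PHP_SELF) is attacker-controlled and was previously written
# into attribute values unescaped.
# NOTE(review): htmlspecialchars() uses PHP's default charset here; pass the page's charset
# as the third argument if it differs.
$form_action = htmlspecialchars(HTML_BASE_SSL.$_SERVER['PHP_SELF'], ENT_QUOTES);

# Digits collected by the form handlers; may be unset when nothing was submitted.
$form_errors = isset($error_message) ? (string) $error_message : '';

# Text fields are re-populated after a failed submit. Password fields are intentionally
# not echoed back, so the submitted password never appears in the page source.
$form_values = array();
foreach (array('first_name', 'last_name', 'register_email', 'login_email') as $form_field) {
	$form_raw = (isset($_POST[$form_field]) && is_string($_POST[$form_field])) ? $_POST[$form_field] : '';
	$form_values[$form_field] = htmlspecialchars($form_raw, ENT_QUOTES);
}

# NOTE(review): neither form carries an anti-CSRF token; adding one requires matching
# validation in the handlers, so it is flagged here rather than added.

head("Sign up with ESL Traveler","",100);
?>
        
                     

        <form action="<?=$form_action?>" method="post" enctype="multipart/form-data">
        <input type="hidden" name="is_submitted" value="1" />
        
        
    	<div id="left">
        	<h2>Register</h2>
            
            <div class="padding">
            	
                Sign up with ESL Traveler.<br><br>
                
                <?php if (!empty($error_register)) { ?>
                <div class="red">
                    <?=htmlspecialchars($error_register, ENT_QUOTES)?>
                </div>
                <?php } ?>
                
                <table width="100%" cellpadding="0" cellspacing="0">
                <tr>
                <td width="50%">
                First Name<br>
                <input class="inputbox <?=((preg_match('#[1]#',$form_errors))?"redborder":"")?>" style="width:266px" name="first_name" type="text" value="<?=$form_values['first_name']?>" /><br>
                </td>
                <td>
                Last Name<br>
                <input class="inputbox <?=((preg_match('#[2]#',$form_errors))?"redborder":"")?>" style="width:266px" name="last_name" type="text" value="<?=$form_values['last_name']?>" /><br>
                </td>
                </tr>
                <tr>
                <td>
                E-mail Address<br>
                <input class="inputbox <?=((preg_match('#[3]#',$form_errors))?"redborder":"")?>" style="width:266px" name="register_email" type="text" value="<?=$form_values['register_email']?>" /><br>
                </td>
                <td>
                Password<br>
                <input class="inputbox <?=((preg_match('#[4]#',$form_errors))?"redborder":"")?>" style="width:266px" name="register_password" type="password" value="" /><br><br>
                </td>
                </tr>
                </table>
                
                <button class="button" type="submit" name="button" value="register">Register</button>
                
            </div>
        </div>
        
        </form>
        
        <form action="<?=$form_action?>" method="post" enctype="multipart/form-data">
        <input type="hidden" name="is_submitted" value="1" />
        
        <div class="right">
            <h2>Login</h2>
            
            <div class="padding">
            	
                Already have an account? Login here.<br><br>
                <?php if (!empty($error_login)) { ?>
                <div class="red">
                    <?=htmlspecialchars($error_login, ENT_QUOTES)?>
                </div>
                <?php } ?>
                
                E-mail Address<br>
                <input class="inputbox <?=((preg_match('#[5]#',$form_errors))?"redborder":"")?>" style="width:266px" name="login_email" type="text" value="<?=$form_values['login_email']?>" /><br>
                
                Password<br>
                <input class="inputbox <?=((preg_match('#[6]#',$form_errors))?"redborder":"")?>" style="width:266px" name="login_password" type="password" value="" /><br><br>
                
                <button style="float:right" class="button" type="submit" name="button" value="login">Login</button>
                
            </div>
        </div>
        
        </form>  
        
        <div class="panel" style="text-align:center">
        	
            <a class="fb-button" onClick="javascript:login(); return false;" href="#">
            <span class="fb-left"></span>
            <span class="fb-center">Sign In with Facebook</span>
            <span class="fb-right"></span>
            </a>
            
        </div>
    
<?php foot(); ?>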